vegas23

Posted 09 April 2008 - 09:13 PM

New Member

Member

4 posts

Here are the two logs: the first is the HijackThis list, the second is the uninstall list. I have a Toshiba Portege M300 computer and an updated Norton Internet Security suite. I tried the Microsoft malware remover and AVG Free, and have installed SpywareBlaster and ATF Cleaner.

greyknight17

Posted 14 April 2008 - 08:52 PM

Malware Expert

Visiting Consultant

16,560 posts

Welcome to GTG.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\Documents and Settings\All Users\Application Data\futixibo\

Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.


greyknight17

Posted 19 April 2008 - 09:03 PM

Go back to the page where you got Combofix and follow the instructions on how to install the XP Recovery Console. Skip the part for the Windows CD. Download the bootdisk instead and drag/drop it into Combofix.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

Save this as CFScript.txt in the same location as the ComboFix.exe tool. Drag the CFScript.txt into ComboFix.exe. Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

vegas23

Posted 20 April 2008 - 06:23 AM

Greyknight17, The computer is running much better. Also, I now have access to my "Task Manager"! I tried running the XP recovery before but I must have done something wrong. I think I did it correctly this time. Here is the Log file from Combofix after running the script you sent me.

greyknight17

Posted 20 April 2008 - 10:26 AM

It's installed successfully now. You will never need this unless something horrible has happened (like Windows having booting issues). We can assist you in recovering the system by booting into this console and either resetting or replacing certain files to make it bootable again.